One method of identifying, mitigating and maintaining an acceptable level of risk against smart building technologies is to navigate through the process of a cybersecurity certification program. Of course, justifying the time and money spent on aptly securing proptech is often easier said than done.
I sat down with Lucian Niemeyer, CEO of Building Cyber Security (BCS), to give us his take on how to incentivize this process so that property owners will gain interest in a standards-based integration and management system that reduces the risk of rapidly growing IT and OT smart building threats.
Creating an incentive-backed cyber security certification program
BCS is a non-profit organization focused on developing standards, frameworks and certifications that help facilitate the deployment of IT/OT technologies while significantly reducing risk.
The organization is currently in the latter stages of completing their core digital and physical cybersecurity framework.
“It’s really difficult to convince a building owner or CEO of a property management firm to invest in risk mitigation,” observed Niemeyer. “Instead, and not surprisingly, they’re far more interested in investments that can generate profits and to grow their brand.”
“At this point, there’s no direct reward for reducing the current risk to their business operations,” he continued. “For BCS, it became critically important that we find a way to come up with a return on the cyber security investment that property owners make.”
Reducing cyber risks while boosting monetization
Once finalized, the BCS organization will transition its resources into the creation of education/training material and certification programs designed to reduce cybersecurity risk while simultaneously facilitating monetary incentives to entice building owners to participate.
Having a background in the public sector within the US Air Force, the US Senate and as an Assistant Secretary of Defense, Niemeyer points out that developing monetary incentives within the private sector is much easier compared to the public sector.
He contends, “Looking at the government, the only real incentive that can be produced by partaking in a cyber security certification program is improved mission assurance. In this situation, your return on investment is increasing the likelihood that you won’t have a mission failure.”
Niemeyer adds, “In the commercial world, however, creating incentives is far easier because you’ve got a range of monetary options available. At BCS, our incentive focus is on cost saving benefits to commercial property owners through the reduction of building and associated asset insurance policy premiums. This is achieved by proving that the property owner has taken the necessary steps to reduce cyber security risk throughout their buildings and IT and OT assets.”
BCS is an organization to keep on your radar
Under Niemeyer’s direction, the key monetary incentive concept is for BCS to partner with commercial real estate insurance companies to create ways where customers can receive various insurance premium discounts based on the BCS certification level outlined in their framework.
“We try to explain our concept in terms that anyone can understand and relate to,” explains Niemeyer. “For example, if you’re a homeowner and a car owner, you’re obviously paying insurance to protect those assets. To incentivize a proactive reduction in risk made by the policy holder, many auto insurance companies are beginning to roll out programs where you install a chip into your car that monitors how safely you’re driving. If safe driving habits are consistently met, you get a reduction in your auto policy. Likewise, if you install a security system in your house, again, you can receive a discount for your effort to protect that asset. A BCS certified building achieves the same goal of risk reduction with a monetary reward.”
At this time, BCS is continuing talks with the country’s largest insurers and have developed a BCS certification pilot program with multiple building owners who want to participate and provide relevant feedback.
Soon, expect the organization to fully finalize their training, certification and incentive program for all. This is an important risk reduction step in the world of proptech cyber security efforts --and it’s one that should be closely monitored by all stakeholders.